I have a configuration for a PV/PVC with a block device that works in the default namespace with the fsGroup tag in the pod spec's securityContext.

I was able to create the pod in a non-default namespace with a combination of 'openshift.io/scc: restricted' and a supplementalGroups tag with the same value, but this gave the familiar permission denied error trying to write to the new directory.

Note, my image is not being built by OpenShift and has a particular user and group that runs out of the box.

1) Can you configure persistent block device storage for non-default projects?
2) Do you need to build the container image for this configuration?
3) Is support required in the volume driver to interpret 'supplementalGroups' separate from 'fsGroup'? (I don't see any reference to 'supplementalGroups' in k8s volume code where I do see 'fsGroup'.)

"supplementalGroupsIDs are typically used for controlling access to shared storage, such as NFS and GlusterFS, whereas fsGroup is used for controlling access to block storage, such as Ceph RBD and iSCSI."
dev mailing list
dev lists openshift redhat com